Summary: Law enforcement agencies from multiple countries have shut down 12 locations responsible for scam calls, arresting 21 individuals and seizing assets totaling €1 million ($1.08 million).

Threat Actor: Criminal network

Victim: Multiple victims

Key Point:

Law enforcement agencies from Germany, Albania, Bosnia-Herzegovina, Kosovo, and Lebanon collaborated to shut down 12 locations involved in scam calls.…
Read More

Summary: This content discusses the continued relevance of passwords in digital authentication despite the availability of alternative methods, such as passkeys.

Threat Actor: N/A

Victim: N/A

Key Point:

The password is still widely used for digital authentication, despite predictions of its demise. A recent survey by the FIDO Alliance shows that passkeys are gaining popularity, with 22% of respondents enabling them on every account and 61% finding them more convenient than passwords.…
Read More

Executive Summary

Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments. Organizations often store a variety of data in SaaS applications and use services from CSPs.…

Read More

Summary: This content discusses the identification of vulnerabilities in Android apps from smartphone maker Xiaomi and Google’s Android Open Source Project (AOSP) by Oversecured, a business that scans mobile apps for security issues.

Threat Actor: Oversecured

Victim: Xiaomi and Google’s Android Open Source Project (AOSP)

Key Point:

Oversecured has identified more than two dozen vulnerabilities in Android apps from Xiaomi and Google’s AOSP.…
Read More

Summary: The content highlights the procurement and deployment of powerful foreign commercial spyware and surveillance products in Indonesia, with the country’s national police and cyber agency being among the top recipients or users of this technology.

Threat Actor: Intellexa, Candiru, Q Cyber Technologies (tied to NSO Group)

Victim: Indonesian authorities (national police and cyber agency)

Key Point:

Powerful and invasive foreign commercial spyware and surveillance products are being procured by or deployed in Indonesia, with the country’s national police and cyber agency among the top recipients or users of the technology.…
Read More

Summary: The article discusses the financial and reputational costs of cyber-attacks and highlights the unplanned expenses incurred by organizations as a result of these attacks.

Threat Actor: N/A Victim: N/A

Key Point:

79% of organizations detected a serious cyber-attack in the previous 12 months, with 20% losing competitive advantage, 16% experiencing a decrease in company valuation, 13% facing lawsuits, 14% experiencing customer churn, and 13% undergoing a change in senior leadership.…
Read More

Summary: This content discusses the challenges of vulnerability management in cloud environments and the impact of cloud services on risk and vulnerability management.

Threat Actor: N/A Victim: N/A

Key Point:

Vulnerability management in cloud environments is different from traditional network environments. Cloud providers do not assign Common Vulnerabilities and Exposures (CVE) identifiers to vulnerabilities, making it challenging for vulnerability management teams who rely on CVE-based constructs.…
Read More

An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services.

The technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes.…

Read More

Written by: Ofir Rozmann, Asli Koksal, Adrian Hernandez, Sarah Bock, Jonathan Leathery

APT42, an Iranian state-sponsored cyber espionage actor, is using enhanced social engineering schemes to gain access to victim networks, including cloud environments. The actor is targeting Western and Middle Eastern NGOs, media organizations, academia, legal services and activists.…

Read More

Threat Actor: Cyber attackers

Victim: Dropbox Sign

Price: N/A

Exfiltrated Data Type: Customer information, authentication data, API keys, OAuth tokens, multi-factor authentication details

Additional Information:

The threat actors breached the production infrastructure of the Dropbox Sign eSignature service. Customer information such as emails, usernames, phone numbers, and hashed passwords were accessed.…
Read More

Summary: This article discusses a network detection and response startup, Corelight, securing $150 million in Series E funding to enhance product innovation and cover future operations.

Threat Actor: N/A Victim: N/A

Key Point:

Corelight, a network detection and response startup, has raised $150 million in Series E funding to expand its detection capabilities, improve workflows, and showcase its products.…
Read More

Summary: A hacking group linked to Iran’s Revolutionary Guard Corps impersonated journalists and human rights activists as part of a social engineering campaign, targeting organizations such as The Washington Post and prominent think tanks.

Threat Actor: APT42

Victim: Various news organizations and think tanks including The Washington Post, The Economist, and the Aspen Institute.…

Read More

Summary: Cybersecurity startup Oasis has completed its second fundraising round, raising $35 million in a Series A extension and doubling its valuation compared to the previous round. The company operates in the niche of identity management within organizations, focusing on Non-human Identity Management (NHIM) solutions.

Threat Actor: N/A

Victim: N/A

Key Point:

Oasis has completed its second fundraising round, raising $35 million in a Series A extension.…
Read More

Verizon’s 17th annual Data Breach Investigations Report (DBIR) for 2024 offers an in-depth look at the latest trends in data breaches and cyber security incidents. Analyzing data from over 30,458 incidents and 10,626 confirmed breaches between November 2022 and October 2023, Verizon DBIR 2024 provides crucial insights into the evolving threat landscape.…

Read More

Background

Huntress analysts have previously observed INC ransomware being deployed, and recently observed this specific ransomware variant being deployed in a customer environment. The ransomware variant was identified, in part, through the threat actor’s efforts to verify that their deployment was effective, as illustrated through the following command line:

"C:\windows\system32\NOTEPAD.EXE"…

Read More